- The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 04 March 2005.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-6 and 9 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-6, 9 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 3/26/01 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION

1. Claims 1-6 and 9 are pending.

2. Amendment submitted 4 March 2005 has been received and entered. 

Response to Arguments 

3. Applicant's arguments filed 4 March 2005 have been fully considered but they 
are moot in view of the new grounds of rejection. 

Claim Rejections - 35 USC § 103

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Redlich Patent No 6,591,306 in view of Kirby et al US Patent No 5,898,784.

6. With regards to claim 1, Redlich discloses a system for IP network access for
portable devices in which he teaches a transport entity for providing transport services 
(Redlich, column 25 lines 3-7 and lines 29-31), a security entity logically positioned 
above the transport entity and operative to set up secure communications sessions with 
peer security entities in other systems for the passing of application messages in PDUs
(Redlich, column 25 lines 54-59), the security entity including a tunneling mechanism for
establishing a tunnel through an access-controlling intermediate system whereby to
enable the local application entity to exchange application messages securely with a 
remote application entity on another system reachable via the intermediate system 
(Redlich, Figures 9 and 11, column 25 lines 19-42, column 26 lines 1-11), the tunneling 
mechanism establishing this tunnel by first setting up a first security session with the 
intermediate system and then a nested second security session with another system 
with PDUs associated with the second session being encapsulated within PDUs 
associated with the first session (Redlich, column 25 line 54 - column 26 line 11), and
each first PDU comprising addressing information, payload (Redlich, column 21 lines 
22-33, column 25 lines 27-32, column 26 lines 6-12, column 28 lines 19-35). Redlich 
fails to teach each first PDU having a message-type field for indicating to the security 
entity in the intermediate system whether a said first PDU it receives encapsulates a 
second PDU that is to be extracted and sent on. Kirby teaches each first PDU having a 
message-type field for indicating to the security entity in the intermediate system 
whether a said first PDU it receives encapsulates a second PDU that is to be extracted 
and sent on (Kirby, column 5 lines 55-63, decapsulates packet based upon inspection of 
policy id). At the time the invention was made, it would have been obvious to a person 
of ordinary skill in the art to utilize Kirby's method of forwarding packets with Redlich's
system because it offers the advantage of allowing routing of packets to a correct 
destination in accordance with the virtual tunnel it came from (Kirby, column 3 lines 4-8, 
column 2 lines 51-55). 
7. With regards to claim 2, Redlich as modified fails to teach the destination
address being modifiable. Kirby teaches each PDU having a destination address that is 
modifiable without invalidating any security processing applied specifically to that PDU 
whereby the intermediate system can redirect PDUs that are indicated by the message 
type of an encapsulating PDU as intended for sending on (Kirby, column 6 lines 17-25). 

8. With regards to claim 9, Redlich teaches the local entity establishing first and 
second secure communication sessions respectively with the intermediate system 
(Redlich, column 25 lines 27-42, column 25 line 54 - column 26 line 11) and the remote
system with protocol data units, PDUs, associated with the second secure session 
being encapsulated within PDUs associated with the first secure session (Redlich, 
column 27 lines 1-10, data packets into PPP packets, PPP packets into GRE packets), 
each PDU including a type indicator (Redlich, column 28 lines 19-23, port number), and 
an intermediate system using said type indicator to determine whether a PDU it 
receives encapsulates a PDU associated with the second secure session and therefore 
to be sent on to the remote system (Redlich, column 28 lines 19-35). 

9. Claims 3-5 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Redlich US Patent No 6,591,306 and Kirby et al US Patent No 5,898,784, as applied to 
claim 1 above, and in further view of Subramaniam et al US Patent No 6,081,900.

10. With regards to claim 3, Redlich as modified fails to teach the establishment of a
security session effected through a handshake process by showing certificates
exchanged between the security entities. Subramaniam teaches the establishment of a
security session effected through a handshake process between security entities during 
which each application entity involved is required to show by attribute certificates that it 
possesses certain attributes required of it by the other application entity (Subramaniam, 
column 12 lines 19-46). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to utilize Subramaniam's method of using 
certificates for authentication because it offers the advantage of providing a method for 
a client to have convenient, efficient, and secure access to data stored within a secure 
network (Subramaniam, column 3 lines 1-6). 

11. With regards to claims 4-5, Redlich as modified fails to teach a remote broker
system running a broker application that fronts for a target application entity. 
Subramaniam teaches a remote broker system running a broker application that fronts 
for a target application entity (Subramaniam, column 6 lines 61-64), the security entity 
being initially operative to seek to establish a security session with the broker 
application as the target application entity requiring of the broker application attributes 
considered by the local application entity as appropriate for the target application 
(Subramaniam, column 10 lines 36-62), the broker application responding by causing its 
associated security entity to return as part of its handshake with the security entity of the 
local application an indication that the broker application is a relay for the target 
application entity (Subramaniam, column 10 lines 36-62), the local application entity 
being operative to decide whether to request a tunnel be set up through the broker 
system by the tunneling mechanism and if so what requirements must now be met by 
the broker application (Subramaniam, column 10 line 62 - column 11 line 2). At the
time the invention was made, it would have been obvious to a person of ordinary skill in 
the art to utilize Subramaniam's broker application because it offers the advantage of 
providing secure access to a secure intranet (Subramaniam, column 3 lines 11-18) 
through a broker that is versatile depending on the security needs of the local 
application entity (Subramaniam, column 3 line 52 - column 4 line 4). 

12. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Redlich 
Patent No 6,591,306 and Kirby et al US Patent No 5,898,784, as applied to claim 1
above, and in further view of Brueckheimer et al US Patent No 6,574,224. 

13. With regards to claim 6, Redlich as modified fails to teach the tunneling 
mechanism capable of setting up multiply nested security sessions. Brueckheimer 
discloses a system for processing communications traffic in which he teaches a 
tunneling mechanism capable of setting up multiply nested security sessions through a
corresponding number of intermediate systems (Brueckheimer, column 6 lines 41-46).
At the time the invention was made, it would have been obvious to a person of ordinary
skill in the art to utilize Brueckheimer's method of nesting security sessions across
multiple intermediate systems because it offers the advantage of helping reduce latency
by providing a method of establishing tunnels across a wide variety of systems in an
integrated network (Brueckheimer, column 1 lines 8-26 and column 2 lines 3-40). 



Conclusion 
14. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Andrew L. Nalven whose telephone number is 571 272 
3839. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on 571 272 3838. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).